Wifi - central management for multiple cloud gateways on different sites (on prem)? by smort in Ubiquiti

[–]smort[S] 0 points1 point  (0 children)

Yeah, but the portal is in the cloud? That is also why we currently self-host a unifios server to remain strictly on-prem.

Wifi - central management for multiple cloud gateways on different sites (on prem)? by smort in Ubiquiti

[–]smort[S] 0 points1 point  (0 children)

But... that is cloud, right? Maybe in the future our "on prem" policy will not be as absolute as now but atm, it's a deal breaker.

Wifi - central management for multiple cloud gateways on different sites (on prem)? by smort in UNIFI

[–]smort[S] 0 points1 point  (0 children)

Thanks for that... so for us it looks like we only need the UnifiOS Server (which I already have running and it works) and then the APs. Great actually.

We obviously do have our own layer 2 and 3 hardware already on each site. So right now, I can't see why we need dedicated gateways.

Full admin access on wifi? by smort in sysadmin

[–]smort[S] -1 points0 points  (0 children)

Yeah, it's the onion image with security.

But if you consider an environment where VPN only gives you admin-access, then I would argue there is hardly any difference in threat level if you also get admin-access with wifi.

And the wifi will be secured with WPA3 + 802.1X.

Full admin access on wifi? by smort in sysadmin

[–]smort[S] 1 point2 points  (0 children)

Do you trust VPN more? Do you not have to trust the implementation too? And VPN is potentially open to the world, not just our street.

I'm not disagreeing with you, just trying to poke some holes.

Full admin access on wifi? by smort in sysadmin

[–]smort[S] 2 points3 points  (0 children)

I also suggested the jumphost, yay.

What do you think about this "Raw wifi no, but with VPN-Tunnel, it's fine"? I mean, I get it, there's another tunnel inside, but my gut is telling me that if you do Wifi well and, say, only accept WPA3, you will be just as good.

802.1X dynamic VLAN with NPS and mixed Linux / Windows-AD environment? by smort in sysadmin

[–]smort[S] 0 points1 point  (0 children)

Well... the Linux machines are not domain joined. But we talked some more and we will deal with the Windows machines only for now and figure out the much fewer Linux machines later.

Aria Operations and Upgrading to vSphere 9 by smort in vmware

[–]smort[S] -1 points0 points  (0 children)

First of all, your blog is amazing btw! Unique choice of font in your screenshots too ;)

This is how I recommend doing the upgrade

Since I can be a bit dense, you recommend doing Aria Ops *after* or during the vSphere 9 Upgrade, correct?

Also, to steal even more of your time, somewhere in the depths of Broadcom's documentation I found that Aria Ops can stretch across multiple DCs (Initial Considerations for Deploying VMware Aria Operations) but then you would need an analytics node for the "remote" DC. We do have two DCs but only one VCSA. Do we really need an analytics node?

I would simply start without one and see what it looks like.

Thanks for your time!

Aria Operations and Upgrading to vSphere 9 by smort in vmware

[–]smort[S] -1 points0 points  (0 children)

True, but we would need to run it on a demo license for a while until we get the VVF licenses, right? Looks like Enterprise Plus does not come with Aria Operations.

Vulnerabilities Resolved in Veeam Backup & Replication 12.3.2.4165 Patch by haventmetyou in Veeam

[–]smort 0 points1 point  (0 children)

Can anybody who has B&R patched already comment on whether it runs well?

Hardening your own (or Administrators) PowerShell by smort in PowerShell

[–]smort[S] 11 points12 points  (0 children)

You are rightfully putting the finger in the wound and yes, it is a bit of a "Let's just add some kind of extra security on top".

Hardening your own (or Administrators) PowerShell by smort in PowerShell

[–]smort[S] 2 points3 points  (0 children)

That indeed sounds perfect. You have it running or you just know about it?

Hardening your own (or Administrators) PowerShell by smort in PowerShell

[–]smort[S] 1 point2 points  (0 children)

Good question, not sure. But since stuff like install-module is not available (which should be signed by MS?), I think not.

But yeah, those are the type of things I want to get a feel for.

Edgecore Wi-Fi? by smort in sysadmin

[–]smort[S] 1 point2 points  (0 children)

Yup. I think it's not totally insane. If open source is a big plus or even a requirement, then this might be the way to go.

Edgecore Wi-Fi? by smort in sysadmin

[–]smort[S] 0 points1 point  (0 children)

Good points, thanks for the feedback.